On Thu, 9 Mar 2000, Paul Hoffman wrote:

> Date: Thu, 09 Mar 2000 14:01:51 -0800
> From: Paul Hoffman <phoffman@proper.com>
> To: Brook Milligan <brook@biology.nmsu.edu>
> Cc: tech-pkg@netbsd.org
> Subject: Re: Security problem with pkgsrc/mail/majordomo
> 
> At 02:55 PM 3/9/00 -0700, Brook Milligan wrote:
> >Second, validshell() in addnerd.c uses getusershell() (which reads
> >/etc/shells) to check the argument of -s against.  /sbin/nologin is
> >not in /etc/shells, so this also fails.  Two possible fixes:  1) add
> >an explicit check for /sbin/nologin; 2) add /sbin/nologin to
> >/etc/shells.  Should either of these be added to addnerd?
> 
> Adding /sbin/nologin to /etc/shells would make sense in that many of us 
> want to add no-login accounts to our systems. Given that the current 
> password file comes with /sbin/nologin for many of the accounts, I don't 
> understand why it's not already in /etc/shells.
> 
> 

someone correct me if i am wrong here, but isnt a shell no in /etc/shells
one of the checks ftpd does to see if ftp'ing to that users is aloud?

- Scott

--------------------------------------
sab@zeekuschrist.com  |  sab@ansic.net